Once you've navigated your way through the frequently choppy waters of mail server setup, configuring the Sophos ES1100 e-mail security appliance will seem like a day at the beach.
The CRN Test Center dove into the Sophos ES1100, the entry-level unit in the company's series of 1U enterprise data protection appliances that block e-mail-borne spam, viruses and other malware. With its easy setup, Sophos impressed us from the start; a four-page setup guide simplifies the job for nontechnical staff, and installation instructions include cabling directions, default IP addresses and simplified rail illustrations for multiple rack types.
Like most such appliances, the ES1100 works by inspecting all of a company's incoming and outgoing e-mail messages, filtering those with cargo known or suspected to be malicious. Setup time can be relatively quick, with most of the time spent entering customer server data and telling the customer's servers about the ES, which will be known to on-site systems as a mail relay.The rated processing capacity of the dual-core ES1100 is 200,000 messages per hour, which is well above the needs of most small businesses.
A 250-GB internal SATA drive stores flagged e-mail until disposition and allows the unit to optionally serve as a message repository for compliance with Sarbanes-Oxley, HIPAA and other government regulations. Higher-end units in the series incorporate quad-core processors and hot-swap drives and power supplies. The sturdy ES1100 has a single, 260W fixed power supply.
Some of the setup for the ES1100 can be done before arriving on-site, including mounting of fixed chassis rails and entering any known customer settings. Out of the box, a setup wizard is accessed through any browser via an auto-sensing Ethernet configuration port using addresses in the setup guide. Embedded software is slick and well developed, with a concise, intuitive user interface that is clean and simple. Everything runs atop a "hardened" version of FreeBSD.
Once the device is set up and working, the reseller may never need to return; monitoring, malware disposition and other administrative and maintenance chores not offloaded to the customer can be taken care of remotely. For problems too severe for your staff, Sophos can tunnel through even the most iron-clad of firewalls using SSH tunneling software built into the device. Context-sensitive help is extremely well written and concise, offering useful guidance in a new browser window for any task, along with glossary terms and a link to the parent topic. At the bottom of the help system's tree view is a link to the full help file in PDF format.
Sophos further differentiates its products with the speed of reaction to new malware threats.
"As soon as we identify a campaign and do a realtime look-up, it's deployed and available to everyone," said Scott Cressman, technical product manager at Sophos, Burlington, Mass. Other malware detectors take a less active approach, he said. "Their process is to identify a campaign, build in protection, bundle it as a data update and put it in their repositories so people can download it. Our data updates come down frequently and automatically."
The Sophos ES1100 also can be easily configured to scan outgoing messages for sensitive data such as credit card information and Social Security numbers. Messages found with this personal information can be stopped, flagged or automatically AES-encrypted, any of which can trigger sender, recipient and administrator messages accordingly. For customers using or requesting Postini or other cloud-based malware detectors, such services work on outgoing mail only after it has left the building.
"Keeping it on-premise is better for data protection because your data isn't leaving the premises before getting stopped, and the jury is still out on how secure these cloud providers are," Cressman said.
Sophos lists for $3,295 plus $37.50 per user per year (minimum 100 users) with e-mail security and data protection. Multiyear discounts are available. Cressman told the Test Center that Sophos is currently developing "some small business appliances that combine software and hardware for a far lower price." He declined to provide further details.
After testing and evaluation, the CRN Test Center recommends this product for a number of reasons, including ease of installation and the power of the software included.